17. What is the Open Web Application Security Project (OWASP) and do you offer information security policies and procedures for compliance and best practices?

The Open Web Application Security Project (OWASP) is a worldwide not-for-profit entity focusing on many aspects of information security, particularly software security. Over the years, OWASP has become very well-known for the "OWASP Top 10" lists - detailed listings of the top 10 most critical security issues relating to web application security. In fact, it's this Top 10 list that has effectively launched OWASP into worldwide notoriety and recognition, as the list is seen as extremely credible, comprehensive, and well-written. So much so that many organizations have made the Top 10 list a must-read for any personnel involved in software development, particularly for web-based applications in Software as a Service (SaaS) environments.

OWASP’s “vision”, according to owasp.org, consists of the following components:

  • Core values comprising the following elements: “Open, Innovation, Global, and Integrity”.
  • A core purpose: to be a thriving global community that promotes visibility regarding the safety and security of software.
  • A well-established code of ethics and principles.
  • Lastly, a vision that consists of the following: “Outreach, Projects, Stakeholders, Focus, Support, and Platform”.

In short, there’s quite a bit going on at OWASP, and individuals and organizations alike can get involved in any number of ways, such as through the OWASP projects and membership, just to name a few.

The importance of OWASP simply cannot be overlooked, especially if your organization is involved in the development of software applications, or has a credible interest in the safety and security of software application development. To be fair, that entails a wide range of entities, as businesses are becoming more and more dependent on software solutions for facilitating their needs.

Information Security Policies and Procedures and OWASP go together

Getting involved with OWASP is a great idea, but what’s critically important is having documented information security policies and procedures that include provisions for the safety and security of software, of all interconnecting system resources that help develop the software, and, ultimately, of where it resides (i.e., web servers, client server environments, etc.). That’s why organizations need a comprehensive set of information security policies and procedures from FLANK. As an industry leader in security documentation, the FLANK21 set of documents contains hundreds of in-depth, well-written policies, procedures, forms, checklists, provisioning and hardening documents – and much more.

We’re talking about checklists for databases, detailed policy documents for web servers – the list goes on and on. OWASP should be an important element of your organization’s information security, and so should the GISCP security documents from FLANK. Order today and download the documents immediately.